search menu icon-carat-right cmu-wordmark

CERT Coordination Center

CERT/CC Vulnerability Notes Database


Published Public Updated ID CVSS Title
2022-11-08 2022-11-08 2023-01-25 VU#434994 Multiple race conditions due to TOCTOU flaws in various UEFI Implementations
2022-11-01 2022-11-01 2023-01-24 VU#794340 OpenSSL 3.0.0 to 3.0.6 decodes some punycode email addresses in X.509 certificates improperly
2023-01-17 2023-01-17 2023-01-23 VU#572615 Vulnerabilities in TP-Link routers, WR710N-V1-151022 and Archer C5 V2
2023-01-17 2023-01-17 2023-01-17 VU#986018 New Netcomm router models NF20MESH, NF20, and NL1902 vulnerabilities
2022-10-07 2022-10-07 2023-01-12 VU#730793 Heimdal Kerberos vulnerable to remotely triggered NULL pointer dereference
2022-11-16 2022-01-10 2023-01-03 VU#709991 Netatalk contains multiple error and memory management vulnerabilities
2022-09-27 2022-09-27 2023-01-03 VU#855201 L2 network security controls can be bypassed using VLAN 0 stacking and/or 802.3 headers
2021-12-15 2021-11-29 2022-12-08 VU#930724 Apache Log4j allows insecure JNDI lookups
2021-01-19 2021-01-19 2022-11-21 VU#434904 Dnsmasq is vulnerable to memory corruption and cache poisoning
2022-10-03 2022-10-03 2022-11-10 VU#915563 Microsoft Exchange vulnerable to server-side request forgery and remote code execution.
2022-02-01 2022-02-01 2022-11-09 VU#796611 InsydeH2O UEFI software impacted by multiple vulnerabilities in SMM
2022-08-11 2022-08-11 2022-09-28 VU#309662 Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
2021-08-10 2021-08-10 2022-09-23 VU#608209 NicheStack embedded TCP/IP has vulnerabilities
2020-06-16 2020-06-16 2022-09-20 VU#257161 Treck IP stacks contain multiple vulnerabilities
2022-05-09 2022-05-02 2022-08-29 VU#473698 uClibc, uClibc-ng libraries have monotonically increasing DNS transaction ID

Sponsored by CISA.